For first time, US military says it would use offensive cyberweapons

The military is assembling 13 teams of programmers dedicated to offensive attacks.

For the first time ever, the Obama administration has publicly admitted to developing offensive cyberweapons that could be aimed at foreign nations during wartime.

According to an article published Tuesday night by The New York Times, that admission came from General Keith Alexander, the chief of the military's newly created Cyber Command. He said officials are establishing 13 teams of programmers and computer experts who would focus on offensive capabilities. Previously, Alexander publicly emphasized defensive strategies in electronic warfare to the almost complete exclusion of offense.

"I would like to be clear that this team, this defend-the-nation team, is not a defensive team," Alexander, who runs both the National Security Agency and the new Cyber Command, told the House Armed Services Committee on Tuesday. "This is an offensive team that the Defense Department would use to defend the nation if it were attacked in cyberspace. Thirteen of the teams that we’re creating are for that mission alone."

Alexander's testimony came the same day the nation's top intelligence official, James R. Clapper Jr., told Congress that major computer attacks on the United States could so cripple the country's infrastructure that they represented the most dangerous immediate threat to the US. The risk rivaled attacks by global terrorist networks, he said. According to the NYT, it was the first time Clapper listed cyberattacks first in his presentation and the rare occasion since the September 11, 2001 attacks that intelligence officials didn't list international terrorists first among dangers facing the country. Clapper did go on to say spy agencies saw only a "remote chance" in the next two years of a major computer attack on the US.

Promoted Comments

The Cyber Command is a very weird place. It's a military outfit (part of the Air Force Space Command IIRC) that uses mostly civilian employees. At what point does a private citizen cease to be a civilian and become a soldier when engaged in "cyber warfare?"

It's a very good question, but this odd grey zone already exists. There are plenty of private contractors in places with active military today. While most are cooks, admins and so forth, there are also civilians in positions with guns in deployed locations. I personally find the privatization of the military somewhat concerning. We do need to relieve the military of the grunt work -- no one peels potatoes anymore -- so they can focus on their own jobs, which are increasingly technical and specialized. But the idea of "mercenaries" rankles a bit.

More relevant to this particular kind of job, private contractors are more often than not the ones who design, produce and program the hardware and software found on the front lines, and the software used to directly support the warfighter. Where do you draw the line when contractors write the missile deployment and guidance software?

I used to write software supporting the warfighter: at no point did I ever feel like a soldier. I was sitting in a cubicle in an office building. It's not remotely the same as the guys risking their necks -- even the military personnel in non-combat support positions are still in a dangerous place or could be deployed to a dangerous place, and I wasn't and I could quit if I didn't want to move. Protectiveness for "my guys" (whom I never met)? Sure. Kinship? No.

I suspect the cyber warfare computer staff may feel the same. While they will be in an offensive role, they will be doing it from somewhere secure or at worst secured by other guys with guns. Perhaps most importantly, they won't have gone through the process of being indoctrinated in military culture. That indoctrination is part of what makes our military a cohesive and effective group.

The Cyber Command is a very weird place. It's a military outfit (part of the Air Force Space Command IIRC) that uses mostly civilian employees. At what point does a private citizen cease to be a civilian and become a soldier when engaged in "cyber warfare?"

Coming from someone who works in Air Force Material Command (a primarily 'civilian' organization), we typically refer to civil service (GS-scale government employees) as 'civilians' to distinguish them from active duty military, however they are not 'civilians' in the conventional sense of the word - they are DoD members. Civil service employees perform many of the same functions, especially in highly technical organizations (like AFRL), as active duty members (including leadership roles).

As previously mentioned, a contractor is a 'civilian' in the conventional sense of the word, but working for a company that has been awarded a government contract.

85 Reader Comments

The Cyber Command is a very weird place. It's a military outfit (part of the Air Force Space Command IIRC) that uses mostly civilian employees. At what point does a private citizen cease to be a civilian and become a soldier when engaged in "cyber warfare?"

"Marta gives Togusa a tour and describes the closed shell syndrome, some children become addicted to the 'net and need to be quarantined Many young patients are seen with blank faces and seemingly suffering mental illness. Marta and Togusa enter a large curving room with many high tech pod-style workstations. Some kids have high cyber skills and are used for programming "barrier mazes" which even the government uses. One young man is shown staring at a display, making very rapid keystrokes and blood drips from a nostril." -IMDB

Does this surprise anyone? I would be extremely worried if we didn't have offensive abilities. I think one of the most important issues in this discussion is who is in charge of what, what are the limits, and who has oversight? Have all these cyber initiatives been slotted in under the normal chains of command (Air-force, NSA, CIA, etc), or are some of them off in wishy-washy new areas that congress and others aren't used to looking at? We need to make some decisions about where the capability will live and who they will be responsible to, and where they can "operate", which is not an easy question when dealing with the internet. Can they hit foreign cyber assets technically on US or friendly soil? Can they hit shared US assets on foreign soil if they have enemy activity? What about "innocent bystander" computers that make up botnets? Right now everyone takes a pretty hands off approach, but in wartime is it ok to brick those devices (or commandeer them) to stop an attack even if some/all of them belong to US citizens? There is a lot to discuss.

Quote:

At what point does a private citizen cease to be a civilian and become a soldier when engaged in "cyber warfare?"

That's a good question, but I'll go one further, what does it mean to be a soldier? It's unlikely these people will be in harm's way. It's also true that at least for the near term, effectively recruiting people with the right skills is going to take a lot more money and a lot less rigidity than the armed services can provide. In time, if they set up and publicize training and work conditions, cool toys, etc, they might get good recruits, but growing effective hackers is much different than teaching someone to maintain machinery or fire a gun, and the people who are effective aren't likely to respond well to boot camp, hackers aren't cogs. In normal scenarios the activities these people participate in won't result in death. OTOH, people under order of the US government are going to expect protection from law enforcement in the countries they are targeting assets in (which aren't necessarily going to be the enemy countries themselves), will they need to be service members to have that protection?

Bad luck to be the legitimate owner of a zombie/relay pwned for purposes considered suitable for removal using lethal force. Won't do much to increase the risk of those using multiple relays to avoid disclosing their real origin.

...growing effective hackers is much different than teaching someone to maintain machinery or fire a gun, and the people who are effective aren't likely to respond well to boot camp, hackers aren't cogs.

I'm not sure what your experience is with military/ex-military guys, but assuming they're only good for blue-collar jobs (or that the armed forces only produces blue-collar workers) is a mistake. I've spent the last 5 years practically tripping over vets who work in development after switching jobs from an ad agency to a software firm.

I'd be fascinated to know how these weapons are developed - I'm guessing that there's a few sets of people who code some parts and review others team's parts whilst having very little idea of what a small, highly controlled group in the centre are doing with the overall set - like the UK's Bletchley Park in WW2.

I wouldn't be surprised if the true purpose of the parts being written outside the core team were obfuscated in some way.

I'm not sure what your experience is with military/ex-military guys, but assuming they're only good for blue-collar jobs (or that the armed forces only produces blue-collar workers) is a mistake. I've spent the last 5 years practically tripping over vets who work in development after switching jobs from an ad agency to a software firm.

I don't assume that, but there isn't a lot of creativity or independent thought promoted in the military. That's not to say people don't retain those things and use them after they get out, but the system isn't set up to encourage them. Even the MOSs that require more education/intelligence are generally just skilled labor rather than the kind of creativity and lateral thinking hackers need to be effective.

The Cyber Command is a very weird place. It's a military outfit (part of the Air Force Space Command IIRC) that uses mostly civilian employees. At what point does a private citizen cease to be a civilian and become a soldier when engaged in "cyber warfare?"

Well I think that's a fine line. I mean people that work on Aerospace and Missile systems are not solders, they simply build the weapon. So if a team of programmers build weaponized payloads are they then soldiers? Or is it a separate team that builds and then "soldiers" that deploy?

Also I think it's purely how the money is marked and spent. I.e. military contractors that can be employed but not hit the budget kind of thing. Same concept is used on corporations all the time. And let's not forget the sequester is hot off the press.

The Cyber Command is a very weird place. It's a military outfit (part of the Air Force Space Command IIRC) that uses mostly civilian employees. At what point does a private citizen cease to be a civilian and become a soldier when engaged in "cyber warfare?"

It's a very good question, but this odd grey zone already exists. There are plenty of private contractors in places with active military today. While most are cooks, admins and so forth, there are also civilians in positions with guns in deployed locations. I personally find the privatization of the military somewhat concerning. We do need to relieve the military of the grunt work -- no one peels potatoes anymore -- so they can focus on their own jobs, which are increasingly technical and specialized. But the idea of "mercenaries" rankles a bit.

More relevant to this particular kind of job, private contractors are more often than not the ones who design, produce and program the hardware and software found on the front lines, and the software used to directly support the warfighter. Where do you draw the line when contractors write the missile deployment and guidance software?

I used to write software supporting the warfighter: at no point did I ever feel like a soldier. I was sitting in a cubicle in an office building. It's not remotely the same as the guys risking their necks -- even the military personnel in non-combat support positions are still in a dangerous place or could be deployed to a dangerous place, and I wasn't and I could quit if I didn't want to move. Protectiveness for "my guys" (whom I never met)? Sure. Kinship? No.

I suspect the cyber warfare computer staff may feel the same. While they will be in an offensive role, they will be doing it from somewhere secure or at worst secured by other guys with guns. Perhaps most importantly, they won't have gone through the process of being indoctrinated in military culture. That indoctrination is part of what makes our military a cohesive and effective group.

[He said] major computer attacks...could so cripple the country's infrastructure that they represented the most dangerous immediate threat...[to rival] attacks by global terrorist networks

Am I alone in reading this as "so, not really a threat at all?" There's a reason that the "closest" we've come since 9/11 was the shoe bomber and the underwear bomber, and it's NOT TSA groping enhanced pat-downs or "nudie scanners," it's simply not blatantly ignoring all of the intelligence saying "no, really, they're planning this."

That's a horrific analogy, because most of these organizations (or rather individual cells with no overarching organization, but that's a whole different story / propaganda campaign / conspiracy) DON"T post a real threat if we're even half-awake. On the other hand, computer attacks DO pose a legitimate threat, have for years, and it keeps getting proven as we get hit, we hit others, and proofs-of-concept are released as fast as we can read about them.

The Cyber Command is a very weird place. It's a military outfit (part of the Air Force Space Command IIRC) that uses mostly civilian employees. At what point does a private citizen cease to be a civilian and become a soldier when engaged in "cyber warfare?"

Coming from someone who works in Air Force Materiel Command (a primarily 'civilian' organization), we typically refer to civil service (GS-scale government employees) as 'civilians' to distinguish them from active duty military, however they are not 'civilians' in the conventional sense of the word - they are DoD members. Civil service employees perform many of the same functions, especially in highly technical organizations (like AFRL), as active duty members (including leadership roles).

As previously mentioned, a contractor is a 'civilian' in the conventional sense of the word, but working for a company that has been awarded a government contract.

"[T]his defend-the-nation team, is not a defensive team.... This is an offensive team that the Defense Department would use to defend the nation...."

Is it just me, or is this a bit of Orwellian Newspeak?

It's just you.

I can see the confusion though. Defensive can mean things like firewalls, or it can mean the team you have ready to send out when a threat is approaching or to respond to an attack. It's why we call it the Department of Defense, though we haven't always treated it that way.

The Cyber Command is a very weird place. It's a military outfit (part of the Air Force Space Command IIRC) that uses mostly civilian employees. At what point does a private citizen cease to be a civilian and become a soldier when engaged in "cyber warfare?"

Coming from someone who works in Air Force Material Command (a primarily 'civilian' organization), we typically refer to civil service (GS-scale government employees) as 'civilians' to distinguish them from active duty military, however they are not 'civilians' in the conventional sense of the word - they are DoD members. Civil service employees perform many of the same functions, especially in highly technical organizations (like AFRL), as active duty members (including leadership roles).

As previously mentioned, a contractor is a 'civilian' in the conventional sense of the word, but working for a company that has been awarded a government contract.

Also worth noting that the GS employees typically make two to three times (or more) as much money (AFTER calculating value of active duty benefits) as those of us active duty doing the same job. I'm totally not bitter... (96 days until terminal!)

his comments make it seem as if the US is behind the curve when it comes to cyber attacks--or is reluctantly being forced to resort to these tactics--when, in fact, America is a leader in deploying cyber weapons. "it's not us. it's them."

Why do I feel like I'm about to lose a few more constitutionally-guaranteed civil liberties in order to keep America safe from the Internet?

Don't worry, you're much too late for that. NSA already has wiretaps on every core router in the US, and as many undersea cables & satellite links as they can manage. The military officially getting into the game now doesn't change anything.

The military has drones; the CIA has drones. The CIA has black hats; the military has black hats. They do the exact same things, but the military ones are subject to substantially more public oversight. You shouldn't be any more worried today than you were yesterday. But you definitely should have been worried yesterday.

The Denver Post, on February 15th, ran an Associated Press article entitled Homeland Security aims to buy 1.6b rounds of ammo, so far to little notice. It confirmed that the Department of Homeland Security has issued an open purchase order for 1.6 billion rounds of ammunition. As reported elsewhere, some of this purchase order is for hollow-point rounds, forbidden by international law for use in war, along with a frightening amount specialized for snipers. Also reported elsewhere, at the height of the Iraq War the Army was expending less than 6 million rounds a month. Therefore 1.6 billion rounds would be enough to sustain a hot war for 20+ years.

I heard North Korea's reaction to this was to download a version of WinNuke and threaten all current unpatched Windows 95 installations in the US.

Boy, am I getting Old !!! So for all you long time Computer Geeks and Users of the Internet let me jog your Memory.This one just to LOL !Anyone happen to remember the really cool and funny screen saver you would send to a friend as a joke back around Win95 Days.You enabled the screen saver and it showed your whole Hard Drive Being Deleted.Newbies would FREAK the Frak Out thinking their Computer was being Deleted and Infested.A friend of mine sent it to me and I laughed so much.It was the funniest prank.

The Denver Post, on February 15th, ran an Associated Press article entitled Homeland Security aims to buy 1.6b rounds of ammo, so far to little notice. It confirmed that the Department of Homeland Security has issued an open purchase order for 1.6 billion rounds of ammunition. As reported elsewhere, some of this purchase order is for hollow-point rounds, forbidden by international law for use in war, along with a frightening amount specialized for snipers. Also reported elsewhere, at the height of the Iraq War the Army was expending less than 6 million rounds a month. Therefore 1.6 billion rounds would be enough to sustain a hot war for 20+ years.

While alarming if true, I would do some fact-checking on that. For starters, that's a personal blog, not officially forbes (forbes offers hosting and the url to pretty much anyone that wants it; it has the appearance of credibility to those that don't know better, but is really no more credible than any random wordpress or livejournal post). Also, one has to ask where the funding is coming from; the DoD just eliminated ALL tuition assistance, DoD-wide, with notice (the notices started trickling out monday; it was effective as of the previous sunday), and is making massive cuts elsewhere in every place it can. How are they planning to pay for it when we can't even afford sustainment of current operations and benefits?

Mind you i'm active duty, so when I say notices, I'm talking the shit from my chain of command, not the rumor mill on the web or propaganda on tv.

The Denver Post, on February 15th, ran an Associated Press article entitled Homeland Security aims to buy 1.6b rounds of ammo, so far to little notice. It confirmed that the Department of Homeland Security has issued an open purchase order for 1.6 billion rounds of ammunition. As reported elsewhere, some of this purchase order is for hollow-point rounds, forbidden by international law for use in war, along with a frightening amount specialized for snipers. Also reported elsewhere, at the height of the Iraq War the Army was expending less than 6 million rounds a month. Therefore 1.6 billion rounds would be enough to sustain a hot war for 20+ years.

While alarming if true, I would do some fact-checking on that. For starters, that's a personal blog, not officially forbes (forbes offers hosting and the url to pretty much anyone that wants it; it has the appearance of credibility to those that don't know better, but is really no more credible than any random wordpress or livejournal post). Also, one has to ask where the funding is coming from; the DoD just eliminated ALL tuition assistance, DoD-wide, with notice (the notices started trickling out monday; it was effective as of the previous sunday), and is making massive cuts elsewhere in every place it can. How are they planning to pay for it when we can't even afford sustainment of current operations and benefits?

Mind you i'm active duty, so when I say notices, I'm talking the shit from my chain of command, not the rumor mill on the web or propaganda on tv.

Google it, it has appeared on many sites.When the Fed is printing millions of dollars and the economy is getting progressively worse (15000 pumped up dow not withstanding), the possibility of civil unrest is real. I was there when USSR has collapsed, and the run up is familiar. All wars have always been caused by ruined economies. USSR, Argentina, Europe 1913, 1936... the examples are many. And in the best traditions of USSR, mass media is a pure propaganda machine these days.

"[T]his defend-the-nation team, is not a defensive team.... This is an offensive team that the Defense Department would use to defend the nation...."

Is it just me, or is this a bit of Orwellian Newspeak?

Outside of sports, when it's very clear who "has the ball", the terms "offense" and "defense" lose their clarity. In real life, there is no ball (ie, something that obligates you to be on the offense).

I suppose real life is more like a race. Think more like "Mario Kart" rather than "Olympic race", since obviously racers can and do interfere with each other. Is dropping the banana peel an offensive or defensive move?

You're familiar with the phrase "the best defense is a really good offense"?

The Denver Post, on February 15th, ran an Associated Press article entitled Homeland Security aims to buy 1.6b rounds of ammo, so far to little notice. It confirmed that the Department of Homeland Security has issued an open purchase order for 1.6 billion rounds of ammunition. As reported elsewhere, some of this purchase order is for hollow-point rounds, forbidden by international law for use in war, along with a frightening amount specialized for snipers. Also reported elsewhere, at the height of the Iraq War the Army was expending less than 6 million rounds a month. Therefore 1.6 billion rounds would be enough to sustain a hot war for 20+ years.

While alarming if true, I would do some fact-checking on that. For starters, that's a personal blog, not officially forbes (forbes offers hosting and the url to pretty much anyone that wants it; it has the appearance of credibility to those that don't know better, but is really no more credible than any random wordpress or livejournal post). Also, one has to ask where the funding is coming from; the DoD just eliminated ALL tuition assistance, DoD-wide, with notice (the notices started trickling out monday; it was effective as of the previous sunday), and is making massive cuts elsewhere in every place it can. How are they planning to pay for it when we can't even afford sustainment of current operations and benefits?

Mind you i'm active duty, so when I say notices, I'm talking the shit from my chain of command, not the rumor mill on the web or propaganda on tv.

Google it, it has appeared on many sites.When the Fed is printing millions of dollars and the economy is getting progressively worse (15000 pumped up dow not withstanding), the possibility of civil unrest is real. I was there when USSR has collapsed, and the run up is familiar. All wars have always been caused by ruined economies. USSR, Argentina, Europe 1913, 1936... the examples are many. And in the best traditions of USSR, mass media is a pure propaganda machine these days.

I won't dispute anything you've said. I've said myself we're slowly approaching the point of no return where there will either be some kind of uprising or we'll be too far gone to stop the march towards realizing the entirety of Orwelle's dystopia.

All I am saying is to exercise some critical thinking, especially when you do nothing but link to a personal blog. There's also the fact that while yes, hollow point ammunition is illegal under the geneva conventions, those do not apply to the current situation overseas. We are not engaged in a war, we are engaged in police actions against illegal combatants (terrorists and insurgents, rather than a national military). Legally, hollow point ammunition could be used as a result (though is normally not, for political reasons). It could also be used, as you imply, to put down a civil uprising, as it's also perfectly legal for use on american citizens (and even to purchase by civilians; I only ever loaded hydra-shocks in my beretta, unless i was target shooting - because they're expensive -- becausethe simple fact is that a 9mm FMJ round has zero stopping power).

I read some highly libertarian websites (for fun and fear) and that bullet story from kot_matroskin is quite common. Still doesn't make me believe it. It might be something to do with how it's sandwiched between stories about certain massacres being faked and Obama being a black, Muslim, communist, ninja from outer space who's here to steal your twinkies.

Still it's whataboutery in it's highest form, has nothing to do with this story, and I just fed the troll. Huzzah.